stealc

Sharing

Copy URL

Twitter E-mail

General

Target

ae9b8a2935bca5b773f906cf2da421b6e294e0c21cffd986f9ec779bfa3a31d9
Size

2.2MB
Sample

240701-pg7axsvbnl
MD5

3cbdca1ecf107b5483a2f67eaa89a707
SHA1

9afe261394209177f9b4ff5b4d422c0da4a25d43
SHA256

ae9b8a2935bca5b773f906cf2da421b6e294e0c21cffd986f9ec779bfa3a31d9
SHA512

472450a6b61ce6dae74ec13bf51f36c0bd3d5cb2226e635226b94ba4bb571b7cc7cdd5b8c9eb4b172904eb13a6c92207c4febae2e03f65385b0187292680d582
SSDEEP

24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXbkU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPf21tuuIeNHYGY0LzjsJxK

Score

10^/10

Malware Config

Extracted

Family

vidar

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0

Targets

- Target
  
  ae9b8a2935bca5b773f906cf2da421b6e294e0c21cffd986f9ec779bfa3a31d9
- Size
  
  2.2MB
- MD5
  
  3cbdca1ecf107b5483a2f67eaa89a707
- SHA1
  
  9afe261394209177f9b4ff5b4d422c0da4a25d43
- SHA256
  
  ae9b8a2935bca5b773f906cf2da421b6e294e0c21cffd986f9ec779bfa3a31d9
- SHA512
  
  472450a6b61ce6dae74ec13bf51f36c0bd3d5cb2226e635226b94ba4bb571b7cc7cdd5b8c9eb4b172904eb13a6c92207c4febae2e03f65385b0187292680d582
- SSDEEP
  
  24576:Uc0PyhhGkCI1wUL24jtYkYGbawg757CgXueAgXbkU2MZQti1u8LnsDJY6WpEYGYG:UJ0hsA91MPf21tuuIeNHYGY0LzjsJxK
Score

10^/10

stealc vidar discovery spyware stealer
- Detect Vidar Stealer
  stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Vidar Stealer

Vidar

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2